<?php
  if (isset($_POST['usr']))
   {
       include("includes/conf.inc.php");
       include("includes/function.php");
       
       $usr = $_POST['usr'];
       $pass = md5($_POST['pass']);
       if ($usr == "" || $pass == md5("")) die("Blank usr or pass !");
       $id = mysql_connect($db_host,$db_usr,$db_pass) or die("Can't connect to the DB server: ".mysql_error());
       
       mysql_query("create database if not exists userdb",$id);
       
       mysql_select_db($db_name,$id);

       $res = mysql_query("select * from $usr_tbl where username='$usr' and password='$pass'");
       if (mysql_num_rows($res) == 1) 
       {        
          session_start();                  
          $obj = mysql_fetch_object($res);
          $uid = $obj->id;
          SetSession($usr, $uid);
          //echo $_SESSION['usr'];
       }
       else
       {
        die("Wrong username or password! <br />");
       }
   }
   header("Location:".$_SERVER['HTTP_REFERER']);
?>